Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual page 198

JUNOSe 11.1.x IP Services Configuration Guide
show ipsec transform-set
show ipsec tunnel detail
172
Monitoring IPSec
Use to display the status, enabled or disabled, of IPSec options configured on
the current virtual router. Information is displayed for the following options:
Dead peer detection (DPD)
Network Address Translation Traversal (NAT-T). For information about
configuring and monitoring NAT-T on L2TP/IPSec tunnels, see "Securing
L2TP and IP Tunnels with IPSec" on page 287.
Transmission of invalid cookie notification in ISAKMP messages to peers
Example
host1:vrA#show ipsec option
IPsec options:
Dead Peer Detection: disabled
NAT Traversal : enabled
TX Invalid Cookie : disabled
See show ipsec option.
Use to display transform sets configured on the router.
To display a specific transform set, include the transform set name.
Field descriptions
Transform-set Displays the transforms in the transform set
Example 1
host1#show ipsec transform-set
Transform-set: Highest security = {esp-3des-hmac-sha }.
Transform-set: transform-esp-3des-hmac-sha = {esp-3des-hmac-sha }.
Example 2
host1#show ipsec transform-set transform-esp-3des-hmac-sha
Transform-set: transform-esp-3des-hmac-sha = {esp-3des-hmac-sha}.
See show ipsec transform-set.
Use to display the running configuration and statistics for each tunnel.
Field descriptions
IPSEC tunnel Name and state of tunnel for which information is displayed
Tunnel operational configuration Configuration running on the tunnel
Tunnel type Manual, signaled
Tunnel mtu MTU size of the tunnel
Tunnel localEndpoint IP address of local tunnel endpoint